The Caldicott Committee, chaired by Dame Fiona Caldicott, was set up by the Chief Medical Officer for Health following increasing concerns regarding the way information flowed, not only within NHS organisations, but also to and from non-NHS organisations. The resulting report, 'The Caldicott Committee: Report on the Review of Patient-identifiable Information', was published in December 1997.

The Report made sixteen recommendations. One of the key recommendations was the appointment of a Caldicott Guardian, who should be either a senior health professional or an existing member of the management board, for each organisation. Among the Guardian's roles is responsibility for agreeing and reviewing protocols for governing the disclosure of personal- identifiable information across organisational boundaries.

The Committee also developed a set of six general principles for the safe handling of personal- identifiable information, and these Principles are the guidelines to which the NHS works. They work hand-in-hand with the Principles of the Data Protection Act 1998, which came into force on 1 March 2000. They both cover information held in whatever format - electronic, paper, verbal, or visual. The six Caldicott Principles must be adhered to when collecting, transferring, or generally working with personal-identifiable information.

The Caldicott Principles

1. Justify the purpose(s) of using confidential information

Every proposed use or transfer of patient-identifiable information within or from an organisation should be clearly defined and scrutinised, with continuing uses regularly reviewed, by an appropriate guardian.

2. Do not use patient-identifiable information unless it is absolutely necessary

Patient-identifiable information items should not be included unless it is essential for the specified purpose(s) of that flow. The need for patients to be identified should be considered at each stage of satisfying the purpose(s)....